This application is a Continuation of application Ser. No. 09/136,865 filed Aug. 19, 1998 now U.S. Pat. No. 6,289,456.
The present invention relates to a method of theft protection for computers and/or computer related hardware.
Background: Theft of Computer Components
As computers become more common in industry and at home, theft of the computers, of their components, and of information stored on them has become more prevalent. With advances in technology resulting in smaller and smaller components which may even be more expensive, theft becomes more widespread. Employees continue to be the primary source for losses due to theft. For example, employees who have compatible systems at home may be tempted to swap boards and input devices at work to repair or upgrade their systems at home. Employees are not the only threat. Repairmen, janitors, delivery-persons, other contractors, customers, invited guests, and even security people themselves may have an opportunity to take computer property.
The increasing use of plug-and-play and hot-swappable units has also been helpful for thieves, since these architectures have accelerated trends toward modular components which can be quickly attached or removed from a system.
In large companies with equally large computer data centers and inventories, it is a formidable task to keep an up-to-date inventory of the location of all computers and associated components. A major problem in computer asset control is the determination of when a system's hardware has been removed or stolen. Hard drives, memory, processors, and other expensive computer peripherals within the computer system can be easily removed and sold on the black market. Where a system may be used infrequently, or perhaps sits unattended for extended periods of time, a theft may be detected only when a person uses the system. If the thief is more adept, the theft may go undetected for quite some time, and only be discovered when the system undergoes routine maintenance by a technician. For example, it is very possible that a multi-processor system can have all except one of its processors stolen from the unit and the machine will still run. Similarly, unless the system is “smart” enough to indicate to an administrator that the memory configuration has changed, it is likely that it will take months before someone realizes the memory has been removed or stolen. The loss of these components are not only costly, but also impact productivity.
Background: High-Tech Equipment Theft
Computers and related peripherals, and intellectual property are not the only target of high-tech theft. State-of-the-art instrumentation and test equipment are also prime candidates and are usually more expensive per unit volume than a typical home computer. Although less “marketable” than computer equipment, the theft of this type of equipment can represent a sizeable loss to companies using such equipment.
Background: Current Detection Methods
Some intrusion detection methods incorporate hood intrusion detection architectures. Current hood intrusion implementations detect that the hood has been opened and alerts the system administrator during system Power-On Self Test (“POST”). If a system hood has been opened, regardless of whether the system is powered by AC power or not, a flag (alarm) will be set. This flag is then checked by the system's firmware during the next power-up. If the alarm bit is set, this indicates an intrusion has occurred and system integrity may have been compromised. Once the alarm bit is detected, the system administrator is notified and appropriate measures can be taken. Furthermore, the alarm bit can only be cleared via software which makes it more difficult to hack for even the most astute thief.
The main pitfall of the current hood intrusion implementation is that it only indicates to the administrator that the hood has been opened. It does not indicate when the hood was opened. So it is possible that a computer whose parts have been removed could be sitting for a couple of days or even longer before next power-up. Thus no one will know exactly when the theft occurred. This is problematic since without an accurate time, it becomes more difficult to narrow down a list of possible suspects.
Another problem associated with current intrusion detection implementations is logging. In current methods, the only indication of an intrusion is an alarm bit being set. It is possible that a power cycle of the system maintaining the alarm bit can be used to clear the bit. Such a security loophole can hide the evidence that an intrusion has taken place until physical discovery of the intrusion i.e., through missing parts. Some current implementations contain an embedded network interface that allows intrusion information to be sent to a server. However, network communications usually depend on a physical link which can easily be found and disabled. The inability to log an intrusion creates a problem in tracking the suspects and missing parts in that the time of the intrusion cannot be determined even if the alarm bit is not cleared.
Innovative Intrusion Detection and Time-Stamp Architecture
The disclosed architecture allows the system administrator to detect that a system hood has been opened. In addition, this invention accurately records the time and date of the hood intrusion, and allows the system administrator to correlate access to the system with other security measures (for example security code access to a computer room or surveillance camera data). By doing so, a theft occurrence can be narrowed down to some specific time frame (and hopefully, fewer suspects).
In the presently preferred embodiment, the innovative hood sensing circuitry essentially consists of a latch, a switch, an oscillator, decoupling circuits, and a real time clock (“RTC”) chip. Because the circuitry is powered by a battery, the components used need to be capable of operating at a low voltage and also have low power dissipation. Additional circuitry can be used to recharge the battery or to enable the hood sensing circuitry to be powered by an outside source, including when the system itself is turned off. Thus conserving battery power and battery life.
Communication between the RTC and the system could be through, for example, a computer ISA bus interface. One general purpose output pin is used to allow software to clear the alarm condition. An additional general purpose input pin can be used for software interfacing where a program may be used to check the status of the hood alarm condition. Ideally, this circuitry can be implemented as part of an ASIC (Application-Specific Integrated Circuit) to reduce the cost of the feature.
Additionally, the components comprising the computer itself can be monitored for removal. Each component of the system e.g., power supply, memory, processor, hard drive, etc., can be connected to a dedicated detector circuit allowing tracking of the system the part level. Additionally, the intrusion detector circuit can be employed in for example, equipment such as routers or other costly network equipment, or rack-mountable instrumentation housing multiple insertable boards.